Re: [exim] Re (2): Configuring exim to use an non-TLS connec…

Author: Andrew C Aitchison
Date:  
To: peter
CC: exim-users
Subject: Re: [exim] Re (2): Configuring exim to use an non-TLS connection to port 587.
On Wed, 12 Apr 2023, Peter via Exim-users wrote:

> From:    Graeme Fowler via Exim-users <exim-users@???>
> Date:    Tue, 11 Apr 2023 18:44:22 +0100
>> ... problem is on your filesystem rather than on-the-wire.

>
> Another helpful tip is in https://wiki.debian.org/Exim4Gmail.
> /etc/exim4/passwd.client had permissions 600. Now 640.
>
> $ ls -ld /etc/exim4/passwd.client
> -rw-r----- 1 root Debian-exim 249 Apr 12 06:35 /etc/exim4/passwd.client
>
> Then created a fresh debug output which is here.
> http://easthope.ca/ex1
>
> It has these lines.
> 08:33:42  4098   internal_search_find: file="/etc/exim4/passwd.client"
> 08:33:42  4098     type=nwildlsearch key="easthope.ca" opts=NULL
> 08:33:42  4098   file lookup required for easthope.ca
> 08:33:42  4098     in /etc/exim4/passwd.client
> 08:33:42  4098 easthope.ca in "mail.easthope.ca"? no (end of list)
> 08:33:42  4098   lookup failed

>
> /etc/exim4/passwd.client can be read by Debian-exim and has only
> one active line beginning with mail.easthope.ca. This is the same
> snag as mentioned by Jeremy, Tue, 11 Apr 2023 18:56:10 +0100?
> "- they presented a server certificate that we don't like; specifically,
> the list of systems that are supposed to use the cert did not include
> the name we think the server has (the one we made a TCP connection to)."


Jeremy's last message mentioned that this failure was correct given
the content of /etc/exim4/passwd.client.
I think that means you need a line for easthope.ca in
/etc/exim4/passwd.client - a line for mail.easthope.ca is not the same
thing.

---
I am concerned about this line:
08:33:42 4098 158.69.159.172 in hosts_require_auth? no (option unset)

I think your smtp transport needs a line something like
     hosts_require_auth = *
or
     hosts_require_auth = hornby.islandhosting.com


(since 158.69.159.172 is hornby.islandhosting.com).

**BUT**   do not do this until tls is working, otherwise you will  ******
*******   send your password across the internet in plain text.    ******


IIRC you want to force TLS on this connection. If so you should also have
         hosts_require_tls = hornby.islandhosting.com




> A little further down.
> 08:33:43 4098 SMTP(closed)<<
> 08:33:43 4098 Remote host closed connection in response to pipelined DATA
>
> The smarthost refused to continue the conversation?
>
> Command options are explained fairly well. I'm not clear about the
> command and argument.
> exim -d+all -odf peter@??? ...
>
> Exim is invoked to send a test message to peter@????
> Similar to the Swaks autocreated test message?
> Exim attempts to send the messages in the spool addressed to peter?
>
> Yes, I opened
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html
> Under heading "1. Setting options by program name" are five cases not
> including exim.
>
> Thanks,                             ... P.



-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???
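
An added example, not part of the original message and not Exim's own code: a simplified Python emulation of the nwildlsearch lookup seen in the debug output, showing why the key easthope.ca finds nothing in a file whose only entry is mail.easthope.ca. The file contents, login and password are constructed placeholders, and quoted keys and continuation lines are not handled.

```python
import re

# Constructed sample in the Debian passwd.client layout (host:login:password).
# The login and password are placeholders, not values from the thread.
SAMPLE_PASSWD_CLIENT = """\
# comment lines and blank lines are skipped
mail.easthope.ca:example-login:example-password
"""

def key_matches(pattern, key):
    """Apply one file key to the lookup key, case-insensitively."""
    if pattern.startswith("^"):                 # file key is a regular expression
        return re.search(pattern, key, re.IGNORECASE) is not None
    if pattern.startswith("*"):                 # leading asterisk means "ends with"
        return key.lower().endswith(pattern[1:].lower())
    return pattern.lower() == key.lower()       # otherwise a literal comparison

def nwildlsearch(text, key):
    """Return the data of the first matching line, or None (lookup failed)."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0] in " \t":                    # continuation lines: not handled here
            continue
        # The file key ends at the first colon or whitespace; the rest is data.
        m = re.match(r"([^:\s]+)[:\s]\s*(.*)", line)
        if m and key_matches(m.group(1), key):
            return m.group(2)
    return None

def explain(text, key):
    """Describe the lookup result without printing the password field."""
    data = nwildlsearch(text, key)
    if data is None:
        return f"{key}: lookup failed"
    return f"{key}: found, login={data.split(':')[0]}"

if __name__ == "__main__":
    for k in ("easthope.ca", "mail.easthope.ca"):
        print(explain(SAMPLE_PASSWD_CLIENT, k))
    # A wildcard entry that covers both names (constructed).
    fixed = SAMPLE_PASSWD_CLIENT + "*easthope.ca:example-login:example-password\n"
    print(explain(fixed, "easthope.ca"))
```

Note that a file key of `*.easthope.ca` would still not match the bare key easthope.ca, because the leading dot is part of the required suffix.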